Network Design

student

Archived from groups: microsoft.public.win2000.security

I want to set up a reasonable network with good security.
I have 3 server machines and 25 workstations.
I have to have a mixed-mode network.

I have 4 static IP addresses from the ISP. The ISP has their router
installed at my premises. They have full control over the router.
I can't log in to the router to make any changes.
They have configured their ADIT 600 router and told me
they have configured 4 static IP addresses for me with a
gateway and subnet that I can use.


I am told not to use any third-party hardware or software
routers. I am forced to design the network with Windows 2000
servers and Windows NT 4.0, with XP and 2000 Pro
workstations.

I have to have a file server on Windows NT 4.0 for users'
files. I have to have the QuickBooks application shared
by many desktops/users from the NT 4.0 server. I am required
to have Lotus SmartSuite Approach DBF with APR
stored on the file server for users to access from
workstations/desktops, and there are 2 other
applications that would be stored on the file server and
accessed by many workstations/desktops/users.

The most powerful machine, with RAID 5 configured, is the
Windows NT 4.0 server. It has 3 SCSI hard drives, 35 GB
space. NT is installed on basic disk 0, and basic disk 1
has extended drives for all data storage and applications.

The other 2 server machines are not supposed to be servers,
but I made them servers since they were PRECISION
WORKSTATIONS with 3.2 GHz hyperthreading and 40 GB each,
and installed Windows 2000 Server, which resides on a 6 GB
partition. The other space I left unallocated on both machines.

Do I have to have Windows 2000 Server with Active
Directory with DNS integration with private IP addresses
so that users with workstations can be authenticated to the
domain of the Windows 2000 server? Do I need to store users'
profiles on the Windows 2000 domain machines? I will call
my domain controller machine Intranet so that when I
am asked to define the fully qualified domain name
during DCPROMO I can have my machine name be
Intranet.MycompanyName.Com. Should I give this machine the IP
address 192.168.1.1, since it is the first internal domain
controller and it should by no means have internet
access through a public static IP address from the ISP?


I said earlier that only a Windows 2000 Server router is
allowed. I wonder if I am right: have 2 NIC cards in
machine one, one connected to the public IP address through the WAN
interface of the ISP router, the second NIC for workstations to
gain internet access.

I just don't know: do I need to have this second Windows
2000 Server machine be a member of the Active Directory
domain? Should I have a DHCP server installed on this
machine so that all other workstations get a private IP
address? Should I have a NAT server installed on this machine?

Does the Windows NT 4.0 server have to be a member of the Windows
2000 Server domain? Will users be able to access files and
applications on the NT server machine once authenticated through
the Windows 2000 Server domain?



I know, I know there are so many questions. I do have
some concepts, but I am no pro and don't have proper training. Can
someone help me, please, please, someone... Any help I will
really appreciate. Please, please...
 
Guest
Archived from groups: microsoft.public.win2000.security

> Do I have to have Windows 2000 Server with Active
> Directory with DNS integration with private IP addresses
> so that users with workstations can be authenticated to the
> domain of the Windows 2000 server?


If you are setting up a Win 2k domain you will need AD and DNS. You cannot
have a Win 2k domain without AD. AD will not function properly unless DNS is
set up correctly.


> Do I need to store users'
> profiles on the Windows 2000 domain machines?

Not unless you want to.


> Should I give this machine the IP
> address 192.168.1.1, since it is the first internal domain
> controller and it should by no means have internet
> access through a public static IP address from the ISP?


You can give it *any* unique IP address that is in line with your IP scheme.
Just make sure it is a static IP address.

hth
DDS W 2k MVP MCSE

 
Guest
Archived from groups: microsoft.public.win2000.security

How did they set up the router? Tell them they need to set you up using one public IP
address that is using NAT/PAT so that you plug into a private IP address for a
default gateway. The other IPs you don't need must be blocked from their device to
your network. If they don't, you have no other option but to install your own
NAT/firewall device to protect your network to plug into their device.

I think you should really consider using a Windows 2000 domain and use two domain
controllers if at all possible. All the computers can be members of the domain. I
would not worry about using a Windows 2000 machine as a router. Either they need to
configure their device to your needs or you will have to use your own device to
protect your network, which would be the default gateway. Default gateways usually
have the first host address in a network. The domain controller can be anything, but
it makes sense to use something easy to remember such as 10. The user profiles can be
kept on the local machines and unless they move around a lot or you need mandatory
profiles then roaming profiles can be used or folder redirection for users on Windows
2000/XP Pro computers.

Keep in mind that with NT 4.0 computers on the network it will
be important to use WINS, and ALL computers including the WINS server and domain
controllers need to be WINS clients also. A Windows 2000 Server should provide DHCP
for all the computers, and the scope needs to provide DNS server, default gateway,
WINS server, and domain name. Keep in mind that proper DNS configuration is
absolutely critical to a Windows 2000 domain. See the link below on why and how to
configure DNS for an Active Directory domain. Domain controllers and the DHCP server must
have static IP addresses and so should other servers. The domain controller needs to
point to itself as its preferred DNS server before you dcpromo it, as do W2K/XP Pro
computers BEFORE they are joined to the domain.

--- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
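The addressing advice in the reply above (static server addresses, a DHCP scope that hands out DNS server, default gateway, WINS server and domain name, and a domain controller that uses itself as preferred DNS) can be checked before deployment. The following is an added example, not part of the original post; every address, host name and dictionary key in it is a constructed assumption.

```python
import ipaddress

# Constructed sample plan; all addresses and names are assumptions for illustration.
PLAN = {
    "lan": "192.168.1.0/24",
    "gateway": "192.168.1.1",
    "static_hosts": {  # servers that must keep fixed addresses
        "dc1": "192.168.1.10",
        "dhcp1": "192.168.1.11",
        "ntfile": "192.168.1.12",
    },
    "dc": {"name": "dc1", "preferred_dns": "192.168.1.10"},
    "dhcp_range": ("192.168.1.100", "192.168.1.200"),
    "scope_options": {
        "dns_server": "192.168.1.10",
        "default_gateway": "192.168.1.1",
        "wins_server": "192.168.1.10",
        "domain_name": "mycompanyname.com",
    },
}
REQUIRED_OPTIONS = ("dns_server", "default_gateway", "wins_server", "domain_name")

def check_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    lan = ipaddress.ip_network(plan["lan"])
    if not lan.is_private:
        findings.append("LAN is not a private (RFC 1918) range")
    lo, hi = (ipaddress.ip_address(a) for a in plan["dhcp_range"])
    if lo not in lan or hi not in lan or lo > hi:
        findings.append("DHCP range is not inside the LAN")
    fixed = dict(plan["static_hosts"], gateway=plan["gateway"])
    if len(set(fixed.values())) != len(fixed):
        findings.append("two fixed hosts share one address")
    for name, addr in fixed.items():
        ip = ipaddress.ip_address(addr)
        if ip not in lan:
            findings.append(f"{name} ({ip}) is outside the LAN")
        if lo <= ip <= hi:  # a lease could be handed out on a server address
            findings.append(f"{name} ({ip}) collides with the DHCP range")
    missing = [o for o in REQUIRED_OPTIONS if not plan["scope_options"].get(o)]
    if missing:
        findings.append("scope is missing options: " + ", ".join(missing))
    dc = plan["dc"]
    if dc["preferred_dns"] != plan["static_hosts"].get(dc["name"]):
        findings.append("domain controller does not use itself as preferred DNS")
    if plan["scope_options"].get("default_gateway") != plan["gateway"]:
        findings.append("scope default gateway does not match the LAN gateway")
    return findings

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan passes")
```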
